Play interactive tour

Edit tour

Analysis Report https://www.amazon.com/gp/r.html?C=1GDZONJ9HF37K&K=399Q4AHHVBY11&M=urn:rtn:msg:20210330215523d28858d787154c4c839f5e9aa440p0na&R=KGA0LLH6J2LL&T=O&U=https%3A%2F%2Fimages-na.ssl-images-amazon.com%2Fimages%2FG%2F01%2Fnav%2Ftransp.gif&H=7UDAFTHMSIEXWWWXMQJ8NUL0Z9KA&ref_=pe_386300_440135490_opens

Overview

General Information

Sample URL:	https://www.amazon.com/gp/r.html?C=1GDZONJ9HF37K&K=399Q4AHHVBY11&M=urn:rtn:msg:20210330215523d28858d787154c4c839f5e9aa440p0na&R=KGA0LLH6J2LL&T=O&U=https%3A%2F%2Fimages-na.ssl-images-amazon.com%2Fimages%2FG%2F01%2Fnav%2Ftransp.gif&H=7UDAFTHMSIEXWWWXMQJ8NUL0Z9KA&ref_=pe_386300_440135490_opens
Analysis ID:	380839
Infos:
Most interesting Screenshot:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Startup

System is w10x64

iexplore.exe (PID: 484 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 1716 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:484 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 99.86.164.215:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 99.86.164.215:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 99.86.157.3:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 99.86.157.3:443 -> 192.168.2.5:49709 version: TLS 1.2

Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x3f694333,0x01d7280b</date><accdate>0x3f694333,0x01d7280b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x3f694333,0x01d7280b</date><accdate>0x3f694333,0x01d7280b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x3f6e07f4,0x01d7280b</date><accdate>0x3f6e07f4,0x01d7280b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x3f6e07f4,0x01d7280b</date><accdate>0x3f6e07f4,0x01d7280b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x3f706a59,0x01d7280b</date><accdate>0x3f706a59,0x01d7280b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x3f706a59,0x01d7280b</date><accdate>0x3f706a59,0x01d7280b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: www.amazon.com

Source: msapplication.xml.1.dr	String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.1.dr	String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.1.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.dr	String found in binary or memory: http://www.youtube.com/
Source: ~DFAF282A198F71CD88.TMP.1.dr	String found in binary or memory: https://images-na.ssl-images-amazon.com/images/G/01/nav/transp.gif
Source: {6978B809-93FE-11EB-90E5-ECF4BB570DC9}.dat.1.dr	String found in binary or memory: https://images-na.ssl-images-amazon.com/images/G/01/nav/transp.gifRoot

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706

Source: unknown	HTTPS traffic detected: 99.86.164.215:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 99.86.164.215:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 99.86.157.3:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 99.86.157.3:443 -> 192.168.2.5:49709 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@3/16@3/2

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6978B807-93FE-11EB-90E5-ECF4BB570DC9}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF4FE0FD20E7F8AA5F.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:484 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:484 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://www.amazon.com/gp/r.html?C=1GDZONJ9HF37K&K=399Q4AHHVBY11&M=urn:rtn:msg:20210330215523d28858d787154c4c839f5e9aa440p0na&R=KGA0LLH6J2LL&T=O&U=https%3A%2F%2Fimages-na.ssl-images-amazon.com%2Fimages%2FG%2F01%2Fnav%2Ftransp.gif&H=7UDAFTHMSIEXWWWXMQJ8NUL0Z9KA&ref_=pe_386300_440135490_opens	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe

Domains and IPs Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
c.media-amazon.com	99.86.157.3	true	false	high
d3ag4hukkh62yn.cloudfront.net	99.86.164.215	true	false	high
www.amazon.com	unknown	unknown	false	high
favicon.ico	unknown	unknown	false	unknown
images-na.ssl-images-amazon.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://images-na.ssl-images-amazon.com/images/G/01/nav/transp.gif	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.wikipedia.com/	msapplication.xml6.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.amazon.com/	msapplication.xml.1.dr	false		high
http://www.nytimes.com/	msapplication.xml3.1.dr	false		high
http://www.live.com/	msapplication.xml2.1.dr	false		high
http://www.reddit.com/	msapplication.xml4.1.dr	false		high
http://www.twitter.com/	msapplication.xml5.1.dr	false		high
http://www.youtube.com/	msapplication.xml7.1.dr	false		high
https://images-na.ssl-images-amazon.com/images/G/01/nav/transp.gifRoot	{6978B809-93FE-11EB-90E5-ECF4BB570DC9}.dat.1.dr	false		high
https://images-na.ssl-images-amazon.com/images/G/01/nav/transp.gif	~DFAF282A198F71CD88.TMP.1.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
99.86.164.215	d3ag4hukkh62yn.cloudfront.net	United States		16509	AMAZON-02US	false
99.86.157.3	c.media-amazon.com	United States		16509	AMAZON-02US	false

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	380839
Start date:	02.04.2021
Start time:	14:56:38
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 2m 50s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://www.amazon.com/gp/r.html?C=1GDZONJ9HF37K&K=399Q4AHHVBY11&M=urn:rtn:msg:20210330215523d28858d787154c4c839f5e9aa440p0na&R=KGA0LLH6J2LL&T=O&U=https%3A%2F%2Fimages-na.ssl-images-amazon.com%2Fimages%2FG%2F01%2Fnav%2Ftransp.gif&H=7UDAFTHMSIEXWWWXMQJ8NUL0Z9KA&ref_=pe_386300_440135490_opens
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@3/16@3/2
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200, 40.88.32.150, 92.122.145.220, 104.42.151.234, 52.147.198.201, 88.221.62.148, 184.30.24.56, 152.199.19.161, 20.82.209.183, 92.122.213.247, 92.122.213.194 Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, skypedataprdcoleus15.cloudapp.net, e12564.dspb.akamaiedge.net, go.microsoft.com, www-bing-com.dual-a-0001.a-msedge.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, www.bing.com, fs.microsoft.com, dual-a-0001.a-msedge.net, ie9comview.vo.msecnd.net, e1723.g.akamaiedge.net, skypedataprdcoleus16.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, skypedataprdcolwus16.cloudapp.net, cs9.wpc.v0cdn.net

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6978B807-93FE-11EB-90E5-ECF4BB570DC9}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.8447776463195191
Encrypted:	false
SSDEEP:	96:rKZBZ42EWitwbfUzEzKMfrq9LxQUxxfVES6X:rKZBZ42EWitAfERMmEQfV8X
MD5:	41C378E6466A08CE91E78BA635E7045B
SHA1:	53966BD628772BAD90A86EF11E48366DBABCBCE3
SHA-256:	13C7B6F3FC7CE6D9D98EA7BBE5EA9A57496B3527442E29F72DF481CC422E56E1
SHA-512:	B95E4101687F704FA1057D8986B162E4CA77290CF21D3D7D7562A2B8F5979D39D7F676A61106ADEBF31700FC330E6C4F7773638B98AA1940CCDB6F12C51B11B2
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6978B809-93FE-11EB-90E5-ECF4BB570DC9}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	24244
Entropy (8bit):	1.6435363037527613
Encrypted:	false
SSDEEP:	48:Iw2/GcprcUGwpauG4pQGGrapbSSGQpBhAGHHpch1TGUp8hHGzYpmhFaGopT13FFi:rkZbQO6IBS6jhv2h3WhlMhUn3Zg
MD5:	F2EBF07136FC5CFDF0675DB354590222
SHA1:	A19F762FC73BB202FC4C01585DA449BF514E20F2
SHA-256:	4662DAD7E19E113D729BDE3B3A28BDF296B3E22DA6A644534DCC81C6BD9FCF56
SHA-512:	DCBA8859B185CC08F217C70B7C217FF358B86881544FAB7A9BB8F66FBA9AFF48FCDF114274940B12777F9C5705C68243CA82549701CC0415077CCFC798763A6F
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6978B80A-93FE-11EB-90E5-ECF4BB570DC9}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5624166336600933
Encrypted:	false
SSDEEP:	48:IwNShGcpr/JGwpashG4pQkGrapbSVGQpKLG7HpRucTGIpG:rMXZbQsz6yBSfAKTuIA
MD5:	E82DAB72C764F375C6E1ED1CD68EC01F
SHA1:	7790D7125F468FB220F6F10FF64B79E544596DF5
SHA-256:	960059D85ADF3F75893F947CCEF2399BB44B5AD4861909E18304FADA48EC4FB2
SHA-512:	5DB09F8B3C687EB8FB567CD3A4DC60367F88D7F1164526069BD5F3F6D4225DF1AF724994119279590A3E2688140235FAC64111C86874A03FC7F8BCB2D4ED6B40
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	657
Entropy (8bit):	5.090942761673365
Encrypted:	false
SSDEEP:	12:TMHdNMNxOESC4CnWimI002EtM3MHdNMNxOESC4CnWimI00ONVbkEtMb:2d6NxOLC4CSZHKd6NxOLC4CSZ7Qb
MD5:	68678DA49D90FD7124F6668A7B176482
SHA1:	E6DD18A61E3E4C8EA7F5384088BC89AC750E1A53
SHA-256:	121F9A219B6E8C01BDA18193B0804594F03767D4C5C99444F7D21A4007898450
SHA-512:	9392AA0BFB490E4FD4A745F42E9455DCB8B3B84FC4E3F9869A7EC0983D548D79182B237DE509E7AAB1F33930013A19A979EE974CB215FE9C8CAEDB46B7E287F7
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x3f6e07f4,0x01d7280b</date><accdate>0x3f6e07f4,0x01d7280b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x3f6e07f4,0x01d7280b</date><accdate>0x3f6e07f4,0x01d7280b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	654
Entropy (8bit):	5.118841577488532
Encrypted:	false
SSDEEP:	12:TMHdNMNxe2ku7nCnWimI002EtM3MHdNMNxe2ku0XCnWimI00ONkak6EtMb:2d6Nxrn7nCSZHKd6Nxrn0XCSZ72a7b
MD5:	5C4A9D4A6732D938CF8AA13482A7674B
SHA1:	EF0F697FF6EEFDEAB95F366BD80683E4FAF9A739
SHA-256:	40F0CE3CF30110CFBA1E380CFF36D809224495A3C3D0B89B97FDC867F5109315
SHA-512:	243E850FF083F600F9CCFEB354ED2C843659739083A7F622819B4D412091FC430943209860BFB138D2DF5C84D8B76A945F0EC4E9B4AB87B95E54253FB7BE5484
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x3f66e0e1,0x01d7280b</date><accdate>0x3f66e0e1,0x01d7280b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x3f66e0e1,0x01d7280b</date><accdate>0x3f694333,0x01d7280b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	663
Entropy (8bit):	5.1110470809746635
Encrypted:	false
SSDEEP:	12:TMHdNMNxvLSC4CnWimI002EtM3MHdNMNxvLSC4CnWimI00ONmZEtMb:2d6NxvGC4CSZHKd6NxvGC4CSZ7Ub
MD5:	21D3A2CABF85DB93C16842F4B834E24E
SHA1:	7362BB5C887E643B005CC787307D37D7729FA14C
SHA-256:	B1A648694664C3FF5562086C71B2ECDB5E896A3F4F8324EAEE962F03E730B6C7
SHA-512:	9BCDCE5F581EE54505EECB2E525AB08210B43EB0FFFF7C39B40B443BCB5AD28C5888B9D6A835475C6FF6379B5B0EAFC1B1437AB6F600F1FD89F0231D5EE311B3
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x3f6e07f4,0x01d7280b</date><accdate>0x3f6e07f4,0x01d7280b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x3f6e07f4,0x01d7280b</date><accdate>0x3f6e07f4,0x01d7280b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	648
Entropy (8bit):	5.1091547180977015
Encrypted:	false
SSDEEP:	12:TMHdNMNxiwRFCnWimI002EtM3MHdNMNxiwRFCnWimI00ONd5EtMb:2d6NxhRFCSZHKd6NxhRFCSZ7njb
MD5:	65C18B3AD0827F55A3A8631F6BA8A7D3
SHA1:	242075A3F80AB67DBE262145978EBA46DB0FBF46
SHA-256:	DD6623BE239C1435EEA40495C16E4531504CB727BEFD1A064A94AAE2719565F2
SHA-512:	4C17952C01E32C3B82399FF25FBAA6AD9693DDDEDD5C5F07FD80682F81132211118AE78A1EC3B0D888B0AB0B623CC475AD0D6B0CA9F63A6BD7B908D04368EBFF
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x3f6ba5a2,0x01d7280b</date><accdate>0x3f6ba5a2,0x01d7280b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x3f6ba5a2,0x01d7280b</date><accdate>0x3f6ba5a2,0x01d7280b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	657
Entropy (8bit):	5.137027484144193
Encrypted:	false
SSDEEP:	12:TMHdNMNxhGweCnWimI002EtM3MHdNMNxhGweCnWimI00ON8K075EtMb:2d6NxQJCSZHKd6NxQJCSZ7uKajb
MD5:	B77479DC1995E605C3E70281BC00F3B0
SHA1:	D6D7EFB1F2535CAED8A16E0AEAAD90A33061808C
SHA-256:	869450DDA9E822D66E94534A773F7F2906998728009751E9A2530D8E51DF7436
SHA-512:	D88D879C00037692570916927E25B44DF82124A60FB14B756C8426992C821A3919A797F39D78837278FF6103EA30B7B1CA97412EB512ED277BDB4D857B955FE3
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x3f706a59,0x01d7280b</date><accdate>0x3f706a59,0x01d7280b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x3f706a59,0x01d7280b</date><accdate>0x3f706a59,0x01d7280b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	654
Entropy (8bit):	5.0946754331049515
Encrypted:	false
SSDEEP:	12:TMHdNMNx0nSC4CnWimI002EtM3MHdNMNx0nSC4CnWimI00ONxEtMb:2d6Nx0SC4CSZHKd6Nx0SC4CSZ7Vb
MD5:	EC182A7CD0D94BB0AF8D9336BB6133FD
SHA1:	0205ADC834445E0FA3F81667DFF6CEF1EED71AF4
SHA-256:	639D25CAA481D95BBDB853184A0C4821D7125A9B80B9B4BFCF50ADB59ED6C1EE
SHA-512:	CFDA13D266378C99E195012F6C9199E2980FC1C8351B98A4EE3C4FC5B5441AF0534495CD2A00C1002B6B3AE4B59714AE3C51A6F0F50C1F5A8F04A51B516848F3
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x3f6e07f4,0x01d7280b</date><accdate>0x3f6e07f4,0x01d7280b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x3f6e07f4,0x01d7280b</date><accdate>0x3f6e07f4,0x01d7280b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	657
Entropy (8bit):	5.133562418812473
Encrypted:	false
SSDEEP:	12:TMHdNMNxxwRFCnWimI002EtM3MHdNMNxxwRFCnWimI00ON6Kq5EtMb:2d6NxyRFCSZHKd6NxyRFCSZ7ub
MD5:	FEB670FC4FDB21BEE472511CC6406801
SHA1:	C107B041445B4DBEBD78755F6FFC46C77DA549B4
SHA-256:	C80BA161162CFD190BD629DFB553DEB9F05D81375DCBFAB7D69198F54A2EACE8
SHA-512:	8EF510CACB63414CD2FD72A7B49884C7EA0BCBF4E304B6589A567E37080F2E75780F22D3A199619B40917DE6A2099B649EB5D34486FE2DD1DC97A235F09016AE
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x3f6ba5a2,0x01d7280b</date><accdate>0x3f6ba5a2,0x01d7280b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x3f6ba5a2,0x01d7280b</date><accdate>0x3f6ba5a2,0x01d7280b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	660
Entropy (8bit):	5.138271892070954
Encrypted:	false
SSDEEP:	12:TMHdNMNxcBkXCnWimI002EtM3MHdNMNxcBkXCnWimI00ONVEtMb:2d6NxIkXCSZHKd6NxIkXCSZ71b
MD5:	941A141A87D4BA48F398944B925C126A
SHA1:	956390122E6CEE79B985ED94A3FC41871FC55854
SHA-256:	6DB3C3ABD79A059021AFF29EC56AF3D1262FEDEBDB3D393C8260CAB7FEB0CBD1
SHA-512:	0CC50B82ACF12AFB999F960BCCF5819915DE1664316C657B0080532DF309B06CD5DCCEA2BEE04E460AE8175965C9E613F04C706AEDE4B580A7BF0D6E03AAD2AA
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x3f694333,0x01d7280b</date><accdate>0x3f694333,0x01d7280b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x3f694333,0x01d7280b</date><accdate>0x3f694333,0x01d7280b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	654
Entropy (8bit):	5.094432526109964
Encrypted:	false
SSDEEP:	12:TMHdNMNxfnwRFCnWimI002EtM3MHdNMNxfnwRFCnWimI00ONe5EtMb:2d6NxoRFCSZHKd6NxoRFCSZ7Ejb
MD5:	31F7EF116385D391DAD4F7C9A62EFB3C
SHA1:	B3299BA7121F96FDEA29023BC86F190FFAFC4D88
SHA-256:	399F6BFA677224CD7859C7FED84A767098F965F71D761A8F07678E137C518FC7
SHA-512:	7AFBF48A2F40F8393808E3A5480423FAC041A71A1A0BEFB478F9D4B20FD271823779E1EE9B9D061D5D5861D68EE2C9473D838DB11B8AE9CA9EF8F9B1FE9E503D
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x3f6ba5a2,0x01d7280b</date><accdate>0x3f6ba5a2,0x01d7280b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x3f6ba5a2,0x01d7280b</date><accdate>0x3f6ba5a2,0x01d7280b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\transp[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	43
Entropy (8bit):	3.0314906788435274
Encrypted:	false
SSDEEP:	3:CUnaaatwltxlHh/:f/
MD5:	FB02F374B8F73825415DB1BCCD4BD76D
SHA1:	B103AA629CACDD90B39538A7561DA7F8E49AD73F
SHA-256:	CAA849B179BEFA2645A8E2C474D2E82A76777A3305315ECE911013E8EE9A916C
SHA-512:	3BE8176915593E79BC280D08984A16C29C495BC53BE9B439276094B8DCD3764A3C72A046106A06B958E08E67451FE02743175C621A1FAA261FE7A9691CC77141
Malicious:	false
Reputation:	low
IE Cache URL:	https://images-na.ssl-images-amazon.com/images/G/01/nav/transp.gif
Preview:	GIF89a.............!.......,...........D..;

C:\Users\user\AppData\Local\Temp\~DF4FE0FD20E7F8AA5F.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.4747929034780874
Encrypted:	false
SSDEEP:	12:c9lCg5/9lCgeK9l26an9l26an9l8fR/T9l8fR/T9lTq/CnQUM2MQ6M6ff6M1M+Rt:c9lLh9lLh9lIn9lIn9lo79lo79lWbb
MD5:	CB938A18802FCA1EA1F24EE71BD4A3D3
SHA1:	A513C1D807A3734D20FC5B44562A20E0DC31A487
SHA-256:	EC176C36B6CAD751D5E542B14DAE5FDA49E943ADA9B3FB0D2D1063E772D4D5A7
SHA-512:	4DC34161A93194942A45B967C88D405AFA248CB2422CD053CA2D259CFCC4F79B8E09117D951CB9343C7E2986BC2083378FA8438F68DC230BB23E0806F07BDFEE
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFAF282A198F71CD88.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	34437
Entropy (8bit):	0.36322278214362896
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRg9lRA9lTS9lTy9lSSd9lSSd9lwhL9lwhUk9l2h99l2hM:kBqoxKAuvScS+hUhyh4hJhFIhFh13FFD
MD5:	FAB16474FF1DFEA02348E6E49C3A9793
SHA1:	92DCA7655DE3BBDB7F10A520EE8F879416D92D36
SHA-256:	2FE79060BE9C26A6136953EF947BCF814E83B0023C540509DDD33BAFC4EF06D0
SHA-512:	F682E7E5976C11458090E26B8C70854B9E4922DE80AD02FEB9F456DB528F8090F2C62F5DA7501E0EDCE92A2EAC4ABFF61943D977CFED23A4CFFE618FC63F8611
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFE3608ED5A967EBAC.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.27918767598683664
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
MD5:	AB889A32AB9ACD33E816C2422337C69A
SHA1:	1190C6B34DED2D295827C2A88310D10A8B90B59B
SHA-256:	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
SHA-512:	BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 88
• 443 (HTTPS)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 2, 2021 14:57:28.944664001 CEST	49706	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:28.944772005 CEST	49707	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:28.986255884 CEST	443	49707	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:28.986284018 CEST	443	49706	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:28.986371040 CEST	49707	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:28.986411095 CEST	49706	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:28.991602898 CEST	49707	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:28.991708040 CEST	49706	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:29.033128023 CEST	443	49707	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:29.033175945 CEST	443	49706	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:29.033401966 CEST	443	49707	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:29.033480883 CEST	49707	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:29.033519030 CEST	443	49707	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:29.033571959 CEST	49707	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:29.033572912 CEST	443	49707	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:29.033618927 CEST	49707	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:29.033623934 CEST	443	49706	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:29.033672094 CEST	443	49706	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:29.033701897 CEST	49706	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:29.033724070 CEST	443	49706	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:29.033746004 CEST	49706	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:29.033778906 CEST	49706	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:29.035617113 CEST	443	49706	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:29.035744905 CEST	49706	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:29.036355019 CEST	443	49707	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:29.036442995 CEST	49707	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:29.068324089 CEST	49707	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:29.068511963 CEST	49706	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:29.073879004 CEST	49707	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:29.074481010 CEST	49706	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:29.074536085 CEST	49707	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:29.110596895 CEST	443	49707	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:29.110646963 CEST	443	49706	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:29.111164093 CEST	443	49707	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:29.111242056 CEST	49707	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:29.111291885 CEST	443	49707	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:29.111354113 CEST	49707	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:29.111953020 CEST	49707	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:29.112252951 CEST	443	49706	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:29.112353086 CEST	49706	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:29.112365961 CEST	443	49706	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:29.112420082 CEST	49706	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:29.112905979 CEST	49706	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:29.116561890 CEST	443	49707	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:29.116935968 CEST	443	49707	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:29.117002010 CEST	49707	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:29.117053986 CEST	443	49707	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:29.117119074 CEST	443	49706	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:29.117166042 CEST	443	49706	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:29.117233992 CEST	49706	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:29.153362989 CEST	443	49707	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:29.154330015 CEST	443	49706	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:29.565498114 CEST	443	49707	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:29.565524101 CEST	443	49707	99.86.164.215	192.168.2.5
Apr 2, 2021 14:57:29.565642118 CEST	49707	443	192.168.2.5	99.86.164.215
Apr 2, 2021 14:57:29.663647890 CEST	49708	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.663742065 CEST	49709	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.705439091 CEST	443	49708	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:29.705616951 CEST	49708	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.706242085 CEST	49708	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.707015038 CEST	443	49709	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:29.707521915 CEST	49709	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.708097935 CEST	49709	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.747994900 CEST	443	49708	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:29.748193979 CEST	443	49708	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:29.748260021 CEST	443	49708	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:29.748317003 CEST	443	49708	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:29.748320103 CEST	49708	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.748368025 CEST	49708	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.749206066 CEST	49708	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.750561953 CEST	443	49708	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:29.750669003 CEST	49708	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.751601934 CEST	443	49709	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:29.761233091 CEST	443	49709	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:29.761312008 CEST	443	49709	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:29.761405945 CEST	443	49709	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:29.761437893 CEST	49709	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.761509895 CEST	49709	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.761518955 CEST	49709	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.766535997 CEST	49708	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.766546011 CEST	443	49709	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:29.766634941 CEST	49709	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.767072916 CEST	49708	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.767190933 CEST	49708	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.770653963 CEST	49709	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.771323919 CEST	49709	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.808316946 CEST	443	49708	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:29.808799982 CEST	443	49708	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:29.808908939 CEST	443	49708	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:29.808950901 CEST	443	49708	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:29.808995962 CEST	443	49708	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:29.808995962 CEST	49708	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.809062004 CEST	49708	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.810606003 CEST	49708	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.810801983 CEST	443	49708	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:29.810858965 CEST	443	49708	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:29.810887098 CEST	49708	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.810914993 CEST	49708	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.813913107 CEST	443	49709	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:29.814568043 CEST	443	49709	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:29.814613104 CEST	443	49709	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:29.814675093 CEST	443	49709	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:29.814681053 CEST	49709	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.814755917 CEST	49709	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.818305969 CEST	49709	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:29.853271961 CEST	443	49708	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:29.861731052 CEST	443	49709	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:30.260680914 CEST	49708	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:30.302568913 CEST	443	49708	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:30.312345028 CEST	443	49708	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:30.312407970 CEST	443	49708	99.86.157.3	192.168.2.5
Apr 2, 2021 14:57:30.312525988 CEST	49708	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:30.312578917 CEST	49708	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:30.348696947 CEST	49708	443	192.168.2.5	99.86.157.3
Apr 2, 2021 14:57:30.390676022 CEST	443	49708	99.86.157.3	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 2, 2021 14:57:20.227262974 CEST	65307	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:57:20.297708988 CEST	53	65307	8.8.8.8	192.168.2.5
Apr 2, 2021 14:57:20.944607019 CEST	64344	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:57:21.000051975 CEST	53	64344	8.8.8.8	192.168.2.5
Apr 2, 2021 14:57:21.740748882 CEST	62060	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:57:21.799968958 CEST	53	62060	8.8.8.8	192.168.2.5
Apr 2, 2021 14:57:22.529001951 CEST	61805	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:57:22.589724064 CEST	53	61805	8.8.8.8	192.168.2.5
Apr 2, 2021 14:57:23.290854931 CEST	54795	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:57:23.339529991 CEST	53	54795	8.8.8.8	192.168.2.5
Apr 2, 2021 14:57:24.603571892 CEST	49557	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:57:24.650824070 CEST	53	49557	8.8.8.8	192.168.2.5
Apr 2, 2021 14:57:25.433098078 CEST	61733	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:57:25.489464045 CEST	53	61733	8.8.8.8	192.168.2.5
Apr 2, 2021 14:57:26.329284906 CEST	65447	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:57:26.375428915 CEST	53	65447	8.8.8.8	192.168.2.5
Apr 2, 2021 14:57:27.735012054 CEST	52441	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:57:27.791215897 CEST	53	52441	8.8.8.8	192.168.2.5
Apr 2, 2021 14:57:28.877793074 CEST	62176	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:57:28.935740948 CEST	53	62176	8.8.8.8	192.168.2.5
Apr 2, 2021 14:57:29.599298000 CEST	59596	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:57:29.661498070 CEST	53	59596	8.8.8.8	192.168.2.5
Apr 2, 2021 14:57:32.007056952 CEST	65296	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:57:32.053088903 CEST	53	65296	8.8.8.8	192.168.2.5
Apr 2, 2021 14:57:32.781333923 CEST	63183	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:57:32.827573061 CEST	53	63183	8.8.8.8	192.168.2.5
Apr 2, 2021 14:57:33.652869940 CEST	60151	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:57:33.698754072 CEST	53	60151	8.8.8.8	192.168.2.5
Apr 2, 2021 14:57:34.527177095 CEST	56969	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:57:34.573132038 CEST	53	56969	8.8.8.8	192.168.2.5
Apr 2, 2021 14:57:45.258786917 CEST	55161	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:57:45.321182966 CEST	53	55161	8.8.8.8	192.168.2.5
Apr 2, 2021 14:57:48.505721092 CEST	54757	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:57:48.564443111 CEST	53	54757	8.8.8.8	192.168.2.5
Apr 2, 2021 14:57:57.793484926 CEST	49992	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:57:57.841209888 CEST	53	49992	8.8.8.8	192.168.2.5
Apr 2, 2021 14:57:58.524343967 CEST	60075	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:57:58.571913004 CEST	53	60075	8.8.8.8	192.168.2.5
Apr 2, 2021 14:57:58.795033932 CEST	49992	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:57:58.841087103 CEST	53	49992	8.8.8.8	192.168.2.5
Apr 2, 2021 14:57:59.529865026 CEST	60075	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:57:59.575714111 CEST	53	60075	8.8.8.8	192.168.2.5
Apr 2, 2021 14:57:59.797005892 CEST	49992	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:57:59.843349934 CEST	53	49992	8.8.8.8	192.168.2.5
Apr 2, 2021 14:58:00.544944048 CEST	60075	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:58:00.602895021 CEST	53	60075	8.8.8.8	192.168.2.5
Apr 2, 2021 14:58:00.664001942 CEST	55016	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:58:00.709980965 CEST	53	55016	8.8.8.8	192.168.2.5
Apr 2, 2021 14:58:01.810709000 CEST	49992	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:58:01.856734991 CEST	53	49992	8.8.8.8	192.168.2.5
Apr 2, 2021 14:58:02.560756922 CEST	60075	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:58:02.608159065 CEST	53	60075	8.8.8.8	192.168.2.5
Apr 2, 2021 14:58:05.827023029 CEST	49992	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:58:05.873115063 CEST	53	49992	8.8.8.8	192.168.2.5
Apr 2, 2021 14:58:06.576697111 CEST	60075	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:58:06.623087883 CEST	53	60075	8.8.8.8	192.168.2.5
Apr 2, 2021 14:58:10.341048002 CEST	64345	53	192.168.2.5	8.8.8.8
Apr 2, 2021 14:58:10.405073881 CEST	53	64345	8.8.8.8	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Apr 2, 2021 14:57:28.877793074 CEST	192.168.2.5	8.8.8.8	0x48e1	Standard query (0)	www.amazon.com	A (IP address)	IN (0x0001)
Apr 2, 2021 14:57:29.599298000 CEST	192.168.2.5	8.8.8.8	0x2a01	Standard query (0)	images-na.ssl-images-amazon.com	A (IP address)	IN (0x0001)
Apr 2, 2021 14:57:45.258786917 CEST	192.168.2.5	8.8.8.8	0xb27f	Standard query (0)	favicon.ico	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Apr 2, 2021 14:57:28.935740948 CEST	8.8.8.8	192.168.2.5	0x48e1	No error (0)	www.amazon.com	tp.47cf2c8c9-frontier.amazon.com		CNAME (Canonical name)	IN (0x0001)
Apr 2, 2021 14:57:28.935740948 CEST	8.8.8.8	192.168.2.5	0x48e1	No error (0)	tp.47cf2c8c9-frontier.amazon.com	d3ag4hukkh62yn.cloudfront.net		CNAME (Canonical name)	IN (0x0001)
Apr 2, 2021 14:57:28.935740948 CEST	8.8.8.8	192.168.2.5	0x48e1	No error (0)	d3ag4hukkh62yn.cloudfront.net		99.86.164.215	A (IP address)	IN (0x0001)
Apr 2, 2021 14:57:29.661498070 CEST	8.8.8.8	192.168.2.5	0x2a01	No error (0)	images-na.ssl-images-amazon.com	m.media-amazon.com		CNAME (Canonical name)	IN (0x0001)
Apr 2, 2021 14:57:29.661498070 CEST	8.8.8.8	192.168.2.5	0x2a01	No error (0)	m.media-amazon.com	c.media-amazon.com		CNAME (Canonical name)	IN (0x0001)
Apr 2, 2021 14:57:29.661498070 CEST	8.8.8.8	192.168.2.5	0x2a01	No error (0)	c.media-amazon.com		99.86.157.3	A (IP address)	IN (0x0001)
Apr 2, 2021 14:57:45.321182966 CEST	8.8.8.8	192.168.2.5	0xb27f	Name error (3)	favicon.ico	none	none	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Apr 2, 2021 14:57:29.035617113 CEST	99.86.164.215	443	192.168.2.5	49706	CN=www.amazon.com, O="Amazon.com, Inc.", L=Seattle, ST=Washington, C=US CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Jul 13 02:00:00 CEST 2020 Thu Aug 01 14:00:00 CEST 2013 Mon Nov 06 01:00:00 CET 2017	Sat Jul 10 14:00:00 CEST 2021 Tue Aug 01 14:00:00 CEST 2028 Sun Nov 06 00:59:59 CET 2022	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert Global CA G2, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Tue Aug 01 14:00:00 CEST 2028
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Nov 06 01:00:00 CET 2017	Sun Nov 06 00:59:59 CET 2022
Apr 2, 2021 14:57:29.036355019 CEST	99.86.164.215	443	192.168.2.5	49707	CN=www.amazon.com, O="Amazon.com, Inc.", L=Seattle, ST=Washington, C=US CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Jul 13 02:00:00 CEST 2020 Thu Aug 01 14:00:00 CEST 2013 Mon Nov 06 01:00:00 CET 2017	Sat Jul 10 14:00:00 CEST 2021 Tue Aug 01 14:00:00 CEST 2028 Sun Nov 06 00:59:59 CET 2022	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert Global CA G2, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Tue Aug 01 14:00:00 CEST 2028
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Nov 06 01:00:00 CET 2017	Sun Nov 06 00:59:59 CET 2022
Apr 2, 2021 14:57:29.750561953 CEST	99.86.157.3	443	192.168.2.5	49708	CN=Images-na.ssl-images-amazon.com CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Tue Mar 23 01:00:00 CET 2021 Thu Aug 01 14:00:00 CEST 2013 Mon Nov 06 01:00:00 CET 2017	Wed Mar 23 00:59:59 CET 2022 Tue Aug 01 14:00:00 CEST 2028 Sun Nov 06 00:59:59 CET 2022	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert Global CA G2, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Tue Aug 01 14:00:00 CEST 2028
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Nov 06 01:00:00 CET 2017	Sun Nov 06 00:59:59 CET 2022
Apr 2, 2021 14:57:29.766546011 CEST	99.86.157.3	443	192.168.2.5	49709	CN=Images-na.ssl-images-amazon.com CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Tue Mar 23 01:00:00 CET 2021 Thu Aug 01 14:00:00 CEST 2013 Mon Nov 06 01:00:00 CET 2017	Wed Mar 23 00:59:59 CET 2022 Tue Aug 01 14:00:00 CEST 2028 Sun Nov 06 00:59:59 CET 2022	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert Global CA G2, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Tue Aug 01 14:00:00 CEST 2028
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Nov 06 01:00:00 CET 2017	Sun Nov 06 00:59:59 CET 2022

Code Manipulations

Statistics

CPU Usage

• iexplore.exe
• iexplore.exe

Click to jump to process

Memory Usage

• iexplore.exe
• iexplore.exe

Click to jump to process

Behavior

• iexplore.exe
• iexplore.exe

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 484 Parent PID: 792

Function Logs

General

Start time:	14:57:27
Start date:	02/04/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff7553c0000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

Show Windows behavior

Section Activities

Process Activities

Process Information Set

Show Windows behavior

Thread Activities

Thread Information Set

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

System Activities

Language or Locale ID Queried

Show Windows behavior

Timing Activities

Show Windows behavior

Windows UI Activities

Window UI Enumerated

Show Windows behavior

Network Activities

Show Windows behavior

Object Security Activities

Show Windows behavior

LPC Port Activities

Chronological Activities

Analysis Process: iexplore.exe PID: 1716 Parent PID: 484

Function Logs

General

Start time:	14:57:27
Start date:	02/04/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:484 CREDAT:17410 /prefetch:2
Imagebase:	0xf00000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

Show Windows behavior

Section Activities

Sections loaded by Windows

Show Windows behavior

Registry Activities

Show Windows behavior

Mutex Activities

Show Windows behavior

Process Activities

Process Information Set

Show Windows behavior

Thread Activities

Thread Information Set

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

System Activities

Show Windows behavior

Timing Activities

Show Windows behavior

Windows UI Activities

Show Windows behavior

Network Activities

Show Windows behavior

Object Security Activities

Show Windows behavior

LPC Port Activities

Chronological Activities

Disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 484 Parent PID: 792

General

File Activities

File Opened

File Created

File Written

File Read

File Attributes Queried

Directory Queried

Volume Information Queried

Device IO

Section Activities

Sections loaded by Windows

Registry Activities

Key Opened

Key Value Created

Key Value Modified

Key Value Deleted

Key Monitored